CVE-2023-5296

MEDIUM

rockoa 1.1/2.3.2/15.X3amdi - Weak Password Recovery Mechanism in Password Handler

Title source: llm
STIX 2.1

Description

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability.

References (3)

Core 3
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.240926
Permissions Required, Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.240926
Exploit, Issue Tracking exploit issue-tracking
https://github.com/magicwave18/vuldb/issues/1

Scores

CVSS v3 4.3
EPSS 0.0042
EPSS Percentile 33.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-640
Status published
Products (3)
rockoa/rockoa 1.1
rockoa/rockoa 2.3.2
rockoa/rockoa 15.x3amdi
Published Sep 29, 2023
Tracked Since Feb 18, 2026